VirtualBox

Ticket #16658: wxp 2015-2017-04-16-10-25-04harden

File wxp 2015-2017-04-16-10-25-04harden, 397.2 KB (added by jorluiord, 8 years ago)
Line 
13198.25dc: Log file opened: 5.1.18r114002 g_hStartupLog=000000000000005c g_uNtVerCombined=0xa0383900
23198.25dc: \SystemRoot\System32\ntdll.dll:
33198.25dc: CreationTime: 2016-12-11T14:54:38.710266600Z
43198.25dc: LastWriteTime: 2016-11-11T10:13:03.409595100Z
53198.25dc: ChangeTime: 2017-03-18T22:21:12.371574600Z
63198.25dc: FileAttributes: 0x20
73198.25dc: Size: 0x1cc888
83198.25dc: NT Headers: 0xd8
93198.25dc: Timestamp: 0x5825887f
103198.25dc: Machine: 0x8664 - amd64
113198.25dc: Timestamp: 0x5825887f
123198.25dc: Image Version: 10.0
133198.25dc: SizeOfImage: 0x1d1000 (1904640)
143198.25dc: Resource Dir: 0x168000 LB 0x67988
153198.25dc: ProductName: Microsoft® Windows® Operating System
163198.25dc: ProductVersion: 10.0.14393.479
173198.25dc: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
183198.25dc: FileDescription: NT Layer DLL
193198.25dc: \SystemRoot\System32\kernel32.dll:
203198.25dc: CreationTime: 2016-07-16T11:42:16.155721400Z
213198.25dc: LastWriteTime: 2016-07-16T11:42:16.155721400Z
223198.25dc: ChangeTime: 2016-09-30T07:23:25.351168200Z
233198.25dc: FileAttributes: 0x20
243198.25dc: Size: 0xaade8
253198.25dc: NT Headers: 0xf0
263198.25dc: Timestamp: 0x57899a29
273198.25dc: Machine: 0x8664 - amd64
283198.25dc: Timestamp: 0x57899a29
293198.25dc: Image Version: 10.0
303198.25dc: SizeOfImage: 0xab000 (700416)
313198.25dc: Resource Dir: 0xa9000 LB 0x528
323198.25dc: ProductName: Microsoft® Windows® Operating System
333198.25dc: ProductVersion: 10.0.14393.0
343198.25dc: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
353198.25dc: FileDescription: Windows NT BASE API Client DLL
363198.25dc: \SystemRoot\System32\KernelBase.dll:
373198.25dc: CreationTime: 2017-03-17T14:42:21.397569700Z
383198.25dc: LastWriteTime: 2017-03-04T07:22:41.598640500Z
393198.25dc: ChangeTime: 2017-03-21T04:41:34.692734500Z
403198.25dc: FileAttributes: 0x20
413198.25dc: Size: 0x21c780
423198.25dc: NT Headers: 0xf8
433198.25dc: Timestamp: 0x58ba59e1
443198.25dc: Machine: 0x8664 - amd64
453198.25dc: Timestamp: 0x58ba59e1
463198.25dc: Image Version: 10.0
473198.25dc: SizeOfImage: 0x21d000 (2215936)
483198.25dc: Resource Dir: 0x201000 LB 0x560
493198.25dc: ProductName: Microsoft® Windows® Operating System
503198.25dc: ProductVersion: 10.0.14393.953
513198.25dc: FileVersion: 10.0.14393.953 (rs1_release_inmarket.170303-1614)
523198.25dc: FileDescription: Windows NT BASE API Client DLL
533198.25dc: \SystemRoot\System32\apisetschema.dll:
543198.25dc: CreationTime: 2016-07-16T11:42:21.577586000Z
553198.25dc: LastWriteTime: 2016-07-16T11:42:21.577586000Z
563198.25dc: ChangeTime: 2016-09-30T07:23:17.053836300Z
573198.25dc: FileAttributes: 0x20
583198.25dc: Size: 0x18960
593198.25dc: NT Headers: 0xc8
603198.25dc: Timestamp: 0x57899bd2
613198.25dc: Machine: 0x8664 - amd64
623198.25dc: Timestamp: 0x57899bd2
633198.25dc: Image Version: 10.0
643198.25dc: SizeOfImage: 0x19000 (102400)
653198.25dc: Resource Dir: 0x18000 LB 0x400
663198.25dc: ProductName: Microsoft® Windows® Operating System
673198.25dc: ProductVersion: 10.0.14393.0
683198.25dc: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
693198.25dc: FileDescription: ApiSet Schema DLL
703198.25dc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
713198.25dc: supR3HardenedWinFindAdversaries: 0x4
723198.25dc: \SystemRoot\System32\drivers\aswHwid.sys:
733198.25dc: CreationTime: 2016-06-03T17:15:03.248428000Z
743198.25dc: LastWriteTime: 2017-04-06T18:26:08.289208600Z
753198.25dc: ChangeTime: 2017-04-06T18:26:28.537422300Z
763198.25dc: FileAttributes: 0x20
773198.25dc: Size: 0x9598
783198.25dc: NT Headers: 0xe8
793198.25dc: Timestamp: 0x58da7d6b
803198.25dc: Machine: 0x8664 - amd64
813198.25dc: Timestamp: 0x58da7d6b
823198.25dc: Image Version: 6.0
833198.25dc: SizeOfImage: 0xa000 (40960)
843198.25dc: Resource Dir: 0x8000 LB 0x388
853198.25dc: ProductName: Avast Antivirus
863198.25dc: ProductVersion: 17.3.3443.0
873198.25dc: FileVersion: 17.3.3443.0
883198.25dc: FileDescription: Avast HWID
893198.25dc: \SystemRoot\System32\drivers\aswMonFlt.sys:
903198.25dc: CreationTime: 2016-06-03T17:15:03.431438400Z
913198.25dc: LastWriteTime: 2017-04-06T18:26:08.351164700Z
923198.25dc: ChangeTime: 2017-04-06T18:26:28.538424000Z
933198.25dc: FileAttributes: 0x20
943198.25dc: Size: 0x1f088
953198.25dc: NT Headers: 0xe0
963198.25dc: Timestamp: 0x58da8012
973198.25dc: Machine: 0x8664 - amd64
983198.25dc: Timestamp: 0x58da8012
993198.25dc: Image Version: 6.0
1003198.25dc: SizeOfImage: 0x25000 (151552)
1013198.25dc: Resource Dir: 0x23000 LB 0x3b0
1023198.25dc: ProductName: Avast Antivirus
1033198.25dc: ProductVersion: 17.3.3443.0
1043198.25dc: FileVersion: 17.3.3443.0
1053198.25dc: FileDescription: Avast File System Minifilter for Windows 2003/Vista
1063198.25dc: \SystemRoot\System32\drivers\aswRdr2.sys:
1073198.25dc: CreationTime: 2016-06-03T17:15:03.064417400Z
1083198.25dc: LastWriteTime: 2017-04-06T18:26:07.541108100Z
1093198.25dc: ChangeTime: 2017-04-06T18:26:28.538424000Z
1103198.25dc: FileAttributes: 0x20
1113198.25dc: Size: 0x18b20
1123198.25dc: NT Headers: 0xf0
1133198.25dc: Timestamp: 0x58da7d97
1143198.25dc: Machine: 0x8664 - amd64
1153198.25dc: Timestamp: 0x58da7d97
1163198.25dc: Image Version: 6.1
1173198.25dc: SizeOfImage: 0x1a000 (106496)
1183198.25dc: Resource Dir: 0x18000 LB 0x398
1193198.25dc: ProductName: Avast Antivirus
1203198.25dc: ProductVersion: 17.3.3443.0
1213198.25dc: FileVersion: 17.3.3443.0 built by: WinDDK
1223198.25dc: FileDescription: Avast WFP Redirect Driver
1233198.25dc: \SystemRoot\System32\drivers\aswRvrt.sys:
1243198.25dc: CreationTime: 2016-06-03T17:15:03.656451300Z
1253198.25dc: LastWriteTime: 2017-04-06T18:26:08.442470700Z
1263198.25dc: ChangeTime: 2017-04-06T18:26:28.539420800Z
1273198.25dc: FileAttributes: 0x20
1283198.25dc: Size: 0x127b8
1293198.25dc: NT Headers: 0xf0
1303198.25dc: Timestamp: 0x58da7d70
1313198.25dc: Machine: 0x8664 - amd64
1323198.25dc: Timestamp: 0x58da7d70
1333198.25dc: Image Version: 6.0
1343198.25dc: SizeOfImage: 0x13000 (77824)
1353198.25dc: Resource Dir: 0x11000 LB 0x388
1363198.25dc: ProductName: Avast Antivirus
1373198.25dc: ProductVersion: 17.3.3443.0
1383198.25dc: FileVersion: 17.3.3443.0
1393198.25dc: FileDescription: Avast Revert
1403198.25dc: \SystemRoot\System32\drivers\aswSnx.sys:
1413198.25dc: CreationTime: 2016-06-03T17:15:02.519386300Z
1423198.25dc: LastWriteTime: 2017-04-06T18:25:36.064631300Z
1433198.25dc: ChangeTime: 2017-04-06T18:26:28.539420800Z
1443198.25dc: FileAttributes: 0x20
1453198.25dc: Size: 0xf55f8
1463198.25dc: NT Headers: 0xe8
1473198.25dc: Timestamp: 0x58da7d8e
1483198.25dc: Machine: 0x8664 - amd64
1493198.25dc: Timestamp: 0x58da7d8e
1503198.25dc: Image Version: 6.0
1513198.25dc: SizeOfImage: 0xf5000 (1003520)
1523198.25dc: Resource Dir: 0xed000 LB 0x378
1533198.25dc: ProductName: Avast Antivirus
1543198.25dc: ProductVersion: 17.3.3443.0
1553198.25dc: FileVersion: 17.3.3443.0
1563198.25dc: FileDescription: Avast Virtualization Driver
1573198.25dc: \SystemRoot\System32\drivers\aswsp.sys:
1583198.25dc: CreationTime: 2016-06-03T17:15:03.886464400Z
1593198.25dc: LastWriteTime: 2017-04-06T18:26:08.527125400Z
1603198.25dc: ChangeTime: 2017-04-06T18:26:28.540421700Z
1613198.25dc: FileAttributes: 0x20
1623198.25dc: Size: 0x87ef0
1633198.25dc: NT Headers: 0xf0
1643198.25dc: Timestamp: 0x58da802a
1653198.25dc: Machine: 0x8664 - amd64
1663198.25dc: Timestamp: 0x58da802a
1673198.25dc: Image Version: 6.0
1683198.25dc: SizeOfImage: 0xac000 (704512)
1693198.25dc: Resource Dir: 0xaa000 LB 0x370
1703198.25dc: ProductName: Avast Antivirus
1713198.25dc: ProductVersion: 17.3.3443.0
1723198.25dc: FileVersion: 17.3.3443.0
1733198.25dc: FileDescription: Avast self protection module
1743198.25dc: \SystemRoot\System32\drivers\aswStm.sys:
1753198.25dc: CreationTime: 2016-06-03T17:15:04.489498900Z
1763198.25dc: LastWriteTime: 2017-04-06T18:26:09.143316800Z
1773198.25dc: ChangeTime: 2017-04-06T18:26:28.540421700Z
1783198.25dc: FileAttributes: 0x20
1793198.25dc: Size: 0x280e0
1803198.25dc: NT Headers: 0x108
1813198.25dc: Timestamp: 0x58da81a6
1823198.25dc: Machine: 0x8664 - amd64
1833198.25dc: Timestamp: 0x58da81a6
1843198.25dc: Image Version: 10.0
1853198.25dc: SizeOfImage: 0x2a000 (172032)
1863198.25dc: Resource Dir: 0x28000 LB 0x350
1873198.25dc: ProductName: Avast Antivirus
1883198.25dc: ProductVersion: 17.3.3443.0
1893198.25dc: FileVersion: 17.3.3443.0
1903198.25dc: FileDescription: Stream Filter
1913198.25dc: \SystemRoot\System32\drivers\aswVmm.sys:
1923198.25dc: CreationTime: 2016-06-03T17:15:04.306488500Z
1933198.25dc: LastWriteTime: 2017-04-06T18:26:08.767473300Z
1943198.25dc: ChangeTime: 2017-04-06T18:26:28.541421700Z
1953198.25dc: FileAttributes: 0x20
1963198.25dc: Size: 0x52ef0
1973198.25dc: NT Headers: 0xe8
1983198.25dc: Timestamp: 0x58da8015
1993198.25dc: Machine: 0x8664 - amd64
2003198.25dc: Timestamp: 0x58da8015
2013198.25dc: Image Version: 6.0
2023198.25dc: SizeOfImage: 0x54000 (344064)
2033198.25dc: Resource Dir: 0x51000 LB 0x390
2043198.25dc: ProductName: Avast Antivirus
2053198.25dc: ProductVersion: 17.3.3443.0
2063198.25dc: FileVersion: 17.3.3443.0
2073198.25dc: FileDescription: Avast VM Monitor
2083198.25dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2093198.25dc: Calling main()
2103198.25dc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2113198.25dc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2123198.25dc: SUPR3HardenedMain: Respawn #1
2133198.25dc: System32: \Device\HarddiskVolume2\Windows\System32
2143198.25dc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2153198.25dc: KnownDllPath: C:\WINDOWS\System32
2163198.25dc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2173198.25dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2183198.25dc: supR3HardNtEnableThreadCreation:
2193198.25dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd40999fa0 pvNtTerminateThread=00007ffd409c6b20
2203198.25dc: supR3HardenedWinDoReSpawn(1): New child 1150.35ec [kernel32].
2213198.25dc: supR3HardNtChildGatherData: PebBaseAddress=0000000000c17000 cbPeb=0x388
2223198.25dc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd40920000 uNtDllChildAddr=00007ffd40920000
2233198.25dc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd40999fa0
2243198.25dc: supR3HardenedWinSetupChildInit: Start child.
2253198.25dc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
2263198.25dc: supR3HardNtChildPurify: Startup delay kludge #1/0: 523 ms, 31 sleeps
2273198.25dc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2283198.25dc: *0000000000000000-ffffffffff5affff 0x0001/0x0000 0x0000000
2293198.25dc: *0000000000a50000-0000000000a2ffff 0x0004/0x0004 0x0020000
2303198.25dc: *0000000000a70000-0000000000a59fff 0x0002/0x0002 0x0040000
2313198.25dc: 0000000000a86000-0000000000a7bfff 0x0001/0x0000 0x0000000
2323198.25dc: *0000000000a90000-0000000000994fff 0x0000/0x0004 0x0020000
2333198.25dc: 0000000000b8b000-0000000000b87fff 0x0104/0x0004 0x0020000
2343198.25dc: 0000000000b8e000-0000000000b8bfff 0x0004/0x0004 0x0020000
2353198.25dc: *0000000000b90000-0000000000b8bfff 0x0002/0x0002 0x0040000
2363198.25dc: 0000000000b94000-0000000000b87fff 0x0001/0x0000 0x0000000
2373198.25dc: *0000000000ba0000-0000000000b9dfff 0x0004/0x0004 0x0020000
2383198.25dc: 0000000000ba2000-0000000000b43fff 0x0001/0x0000 0x0000000
2393198.25dc: *0000000000c00000-0000000000be8fff 0x0000/0x0004 0x0020000
2403198.25dc: 0000000000c17000-0000000000c13fff 0x0004/0x0004 0x0020000
2413198.25dc: 0000000000c1a000-0000000000a33fff 0x0000/0x0004 0x0020000
2423198.25dc: 0000000000e00000-ffffffff81c1ffff 0x0001/0x0000 0x0000000
2433198.25dc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2443198.25dc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2453198.25dc: 000000007fff0000-ffff800a6028ffff 0x0001/0x0000 0x0000000
2463198.25dc: *00007ff69fd50000-00007ff69fd2cfff 0x0002/0x0002 0x0040000
2473198.25dc: 00007ff69fd73000-00007ff69ef15fff 0x0001/0x0000 0x0000000
2483198.25dc: *00007ff6a0bd0000-00007ff6a0bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2493198.25dc: 00007ff6a0bd1000-00007ff6a0c3ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2503198.25dc: 00007ff6a0c40000-00007ff6a0c40fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2513198.25dc: 00007ff6a0c41000-00007ff6a0c85fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2523198.25dc: 00007ff6a0c86000-00007ff6a0c86fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2533198.25dc: 00007ff6a0c87000-00007ff6a0c87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2543198.25dc: 00007ff6a0c88000-00007ff6a0c8cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2553198.25dc: 00007ff6a0c8d000-00007ff6a0c8dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2563198.25dc: 00007ff6a0c8e000-00007ff6a0c8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2573198.25dc: 00007ff6a0c8f000-00007ff6a0c92fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2583198.25dc: 00007ff6a0c93000-00007ff6a0cdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2593198.25dc: 00007ff6a0cdb000-00007ff001095fff 0x0001/0x0000 0x0000000
2603198.25dc: *00007ffd40920000-00007ffd40920fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2613198.25dc: 00007ffd40921000-00007ffd40a27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2623198.25dc: 00007ffd40a28000-00007ffd40a6bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2633198.25dc: 00007ffd40a6c000-00007ffd40a74fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2643198.25dc: 00007ffd40a75000-00007ffd40a82fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2653198.25dc: 00007ffd40a83000-00007ffd40a83fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2663198.25dc: 00007ffd40a84000-00007ffd40a86fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2673198.25dc: 00007ffd40a87000-00007ffd40af0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2683198.25dc: 00007ffd40af1000-00007ffa81601fff 0x0001/0x0000 0x0000000
2693198.25dc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2703198.25dc: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
2713198.25dc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2723198.25dc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2733198.25dc: supR3HardNtChildPurify: Done after 704 ms and 0 fixes (loop #0).
2741150.35ec: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
2751150.35ec: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd40920000 g_uNtVerCombined=0xa0383900
2763198.25dc: supR3HardNtEnableThreadCreation:
2771150.35ec: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
2781150.35ec: New simple heap: #1 0000000000f00000 LB 0x400000 (for 1904640 allocation)
2791150.35ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2801150.35ec: System32: \Device\HarddiskVolume2\Windows\System32
2811150.35ec: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2821150.35ec: KnownDllPath: C:\WINDOWS\System32
2831150.35ec: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2841150.35ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2851150.35ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2861150.35ec: Registered Dll notification callback with NTDLL.
2871150.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2881150.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2891150.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2901150.35ec: supR3HardenedDllNotificationCallback: load 00007ffd3daa0000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2911150.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2921150.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2931150.35ec: supR3HardenedDllNotificationCallback: load 00007ffd3df90000 LB 0x000ab000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2941150.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2951150.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3df90000 'C:\WINDOWS\System32\KERNEL32.DLL'
2961150.35ec: supR3HardenedDllNotificationCallback: load 00007ff6a0bd0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
2971150.35ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2981150.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2991150.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3001150.35ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd40999fa0 pvNtTerminateThread=00007ffd409c6b20
3013198.25dc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 407 ms.
3021150.35ec: \SystemRoot\System32\ntdll.dll:
3031150.35ec: CreationTime: 2016-12-11T14:54:38.710266600Z
3041150.35ec: LastWriteTime: 2016-11-11T10:13:03.409595100Z
3051150.35ec: ChangeTime: 2017-03-18T22:21:12.371574600Z
3061150.35ec: FileAttributes: 0x20
3071150.35ec: Size: 0x1cc888
3081150.35ec: NT Headers: 0xd8
3091150.35ec: Timestamp: 0x5825887f
3101150.35ec: Machine: 0x8664 - amd64
3111150.35ec: Timestamp: 0x5825887f
3121150.35ec: Image Version: 10.0
3131150.35ec: SizeOfImage: 0x1d1000 (1904640)
3141150.35ec: Resource Dir: 0x168000 LB 0x67988
3151150.35ec: ProductName: Microsoft® Windows® Operating System
3161150.35ec: ProductVersion: 10.0.14393.479
3171150.35ec: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
3181150.35ec: FileDescription: NT Layer DLL
3191150.35ec: \SystemRoot\System32\kernel32.dll:
3201150.35ec: CreationTime: 2016-07-16T11:42:16.155721400Z
3211150.35ec: LastWriteTime: 2016-07-16T11:42:16.155721400Z
3221150.35ec: ChangeTime: 2016-09-30T07:23:25.351168200Z
3231150.35ec: FileAttributes: 0x20
3241150.35ec: Size: 0xaade8
3251150.35ec: NT Headers: 0xf0
3261150.35ec: Timestamp: 0x57899a29
3271150.35ec: Machine: 0x8664 - amd64
3281150.35ec: Timestamp: 0x57899a29
3291150.35ec: Image Version: 10.0
3301150.35ec: SizeOfImage: 0xab000 (700416)
3311150.35ec: Resource Dir: 0xa9000 LB 0x528
3321150.35ec: ProductName: Microsoft® Windows® Operating System
3331150.35ec: ProductVersion: 10.0.14393.0
3341150.35ec: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
3351150.35ec: FileDescription: Windows NT BASE API Client DLL
3361150.35ec: \SystemRoot\System32\KernelBase.dll:
3371150.35ec: CreationTime: 2017-03-17T14:42:21.397569700Z
3381150.35ec: LastWriteTime: 2017-03-04T07:22:41.598640500Z
3391150.35ec: ChangeTime: 2017-03-21T04:41:34.692734500Z
3401150.35ec: FileAttributes: 0x20
3411150.35ec: Size: 0x21c780
3421150.35ec: NT Headers: 0xf8
3431150.35ec: Timestamp: 0x58ba59e1
3441150.35ec: Machine: 0x8664 - amd64
3451150.35ec: Timestamp: 0x58ba59e1
3461150.35ec: Image Version: 10.0
3471150.35ec: SizeOfImage: 0x21d000 (2215936)
3481150.35ec: Resource Dir: 0x201000 LB 0x560
3491150.35ec: ProductName: Microsoft® Windows® Operating System
3501150.35ec: ProductVersion: 10.0.14393.953
3511150.35ec: FileVersion: 10.0.14393.953 (rs1_release_inmarket.170303-1614)
3521150.35ec: FileDescription: Windows NT BASE API Client DLL
3531150.35ec: \SystemRoot\System32\apisetschema.dll:
3541150.35ec: CreationTime: 2016-07-16T11:42:21.577586000Z
3551150.35ec: LastWriteTime: 2016-07-16T11:42:21.577586000Z
3561150.35ec: ChangeTime: 2016-09-30T07:23:17.053836300Z
3571150.35ec: FileAttributes: 0x20
3581150.35ec: Size: 0x18960
3591150.35ec: NT Headers: 0xc8
3601150.35ec: Timestamp: 0x57899bd2
3611150.35ec: Machine: 0x8664 - amd64
3621150.35ec: Timestamp: 0x57899bd2
3631150.35ec: Image Version: 10.0
3641150.35ec: SizeOfImage: 0x19000 (102400)
3651150.35ec: Resource Dir: 0x18000 LB 0x400
3661150.35ec: ProductName: Microsoft® Windows® Operating System
3671150.35ec: ProductVersion: 10.0.14393.0
3681150.35ec: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
3691150.35ec: FileDescription: ApiSet Schema DLL
3701150.35ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3711150.35ec: supR3HardenedWinFindAdversaries: 0x4
3721150.35ec: \SystemRoot\System32\drivers\aswHwid.sys:
3731150.35ec: CreationTime: 2016-06-03T17:15:03.248428000Z
3741150.35ec: LastWriteTime: 2017-04-06T18:26:08.289208600Z
3751150.35ec: ChangeTime: 2017-04-06T18:26:28.537422300Z
3761150.35ec: FileAttributes: 0x20
3771150.35ec: Size: 0x9598
3781150.35ec: NT Headers: 0xe8
3791150.35ec: Timestamp: 0x58da7d6b
3801150.35ec: Machine: 0x8664 - amd64
3811150.35ec: Timestamp: 0x58da7d6b
3821150.35ec: Image Version: 6.0
3831150.35ec: SizeOfImage: 0xa000 (40960)
3841150.35ec: Resource Dir: 0x8000 LB 0x388
3851150.35ec: ProductName: Avast Antivirus
3861150.35ec: ProductVersion: 17.3.3443.0
3871150.35ec: FileVersion: 17.3.3443.0
3881150.35ec: FileDescription: Avast HWID
3891150.35ec: \SystemRoot\System32\drivers\aswMonFlt.sys:
3901150.35ec: CreationTime: 2016-06-03T17:15:03.431438400Z
3911150.35ec: LastWriteTime: 2017-04-06T18:26:08.351164700Z
3921150.35ec: ChangeTime: 2017-04-06T18:26:28.538424000Z
3931150.35ec: FileAttributes: 0x20
3941150.35ec: Size: 0x1f088
3951150.35ec: NT Headers: 0xe0
3961150.35ec: Timestamp: 0x58da8012
3971150.35ec: Machine: 0x8664 - amd64
3981150.35ec: Timestamp: 0x58da8012
3991150.35ec: Image Version: 6.0
4001150.35ec: SizeOfImage: 0x25000 (151552)
4011150.35ec: Resource Dir: 0x23000 LB 0x3b0
4021150.35ec: ProductName: Avast Antivirus
4031150.35ec: ProductVersion: 17.3.3443.0
4041150.35ec: FileVersion: 17.3.3443.0
4051150.35ec: FileDescription: Avast File System Minifilter for Windows 2003/Vista
4061150.35ec: \SystemRoot\System32\drivers\aswRdr2.sys:
4071150.35ec: CreationTime: 2016-06-03T17:15:03.064417400Z
4081150.35ec: LastWriteTime: 2017-04-06T18:26:07.541108100Z
4091150.35ec: ChangeTime: 2017-04-06T18:26:28.538424000Z
4101150.35ec: FileAttributes: 0x20
4111150.35ec: Size: 0x18b20
4121150.35ec: NT Headers: 0xf0
4131150.35ec: Timestamp: 0x58da7d97
4141150.35ec: Machine: 0x8664 - amd64
4151150.35ec: Timestamp: 0x58da7d97
4161150.35ec: Image Version: 6.1
4171150.35ec: SizeOfImage: 0x1a000 (106496)
4181150.35ec: Resource Dir: 0x18000 LB 0x398
4191150.35ec: ProductName: Avast Antivirus
4201150.35ec: ProductVersion: 17.3.3443.0
4211150.35ec: FileVersion: 17.3.3443.0 built by: WinDDK
4221150.35ec: FileDescription: Avast WFP Redirect Driver
4231150.35ec: \SystemRoot\System32\drivers\aswRvrt.sys:
4241150.35ec: CreationTime: 2016-06-03T17:15:03.656451300Z
4251150.35ec: LastWriteTime: 2017-04-06T18:26:08.442470700Z
4261150.35ec: ChangeTime: 2017-04-06T18:26:28.539420800Z
4271150.35ec: FileAttributes: 0x20
4281150.35ec: Size: 0x127b8
4291150.35ec: NT Headers: 0xf0
4301150.35ec: Timestamp: 0x58da7d70
4311150.35ec: Machine: 0x8664 - amd64
4321150.35ec: Timestamp: 0x58da7d70
4331150.35ec: Image Version: 6.0
4341150.35ec: SizeOfImage: 0x13000 (77824)
4351150.35ec: Resource Dir: 0x11000 LB 0x388
4361150.35ec: ProductName: Avast Antivirus
4371150.35ec: ProductVersion: 17.3.3443.0
4381150.35ec: FileVersion: 17.3.3443.0
4391150.35ec: FileDescription: Avast Revert
4401150.35ec: \SystemRoot\System32\drivers\aswSnx.sys:
4411150.35ec: CreationTime: 2016-06-03T17:15:02.519386300Z
4421150.35ec: LastWriteTime: 2017-04-06T18:25:36.064631300Z
4431150.35ec: ChangeTime: 2017-04-06T18:26:28.539420800Z
4441150.35ec: FileAttributes: 0x20
4451150.35ec: Size: 0xf55f8
4461150.35ec: NT Headers: 0xe8
4471150.35ec: Timestamp: 0x58da7d8e
4481150.35ec: Machine: 0x8664 - amd64
4491150.35ec: Timestamp: 0x58da7d8e
4501150.35ec: Image Version: 6.0
4511150.35ec: SizeOfImage: 0xf5000 (1003520)
4521150.35ec: Resource Dir: 0xed000 LB 0x378
4531150.35ec: ProductName: Avast Antivirus
4541150.35ec: ProductVersion: 17.3.3443.0
4551150.35ec: FileVersion: 17.3.3443.0
4561150.35ec: FileDescription: Avast Virtualization Driver
4571150.35ec: \SystemRoot\System32\drivers\aswsp.sys:
4581150.35ec: CreationTime: 2016-06-03T17:15:03.886464400Z
4591150.35ec: LastWriteTime: 2017-04-06T18:26:08.527125400Z
4601150.35ec: ChangeTime: 2017-04-06T18:26:28.540421700Z
4611150.35ec: FileAttributes: 0x20
4621150.35ec: Size: 0x87ef0
4631150.35ec: NT Headers: 0xf0
4641150.35ec: Timestamp: 0x58da802a
4651150.35ec: Machine: 0x8664 - amd64
4661150.35ec: Timestamp: 0x58da802a
4671150.35ec: Image Version: 6.0
4681150.35ec: SizeOfImage: 0xac000 (704512)
4691150.35ec: Resource Dir: 0xaa000 LB 0x370
4701150.35ec: ProductName: Avast Antivirus
4711150.35ec: ProductVersion: 17.3.3443.0
4721150.35ec: FileVersion: 17.3.3443.0
4731150.35ec: FileDescription: Avast self protection module
4741150.35ec: \SystemRoot\System32\drivers\aswStm.sys:
4751150.35ec: CreationTime: 2016-06-03T17:15:04.489498900Z
4761150.35ec: LastWriteTime: 2017-04-06T18:26:09.143316800Z
4771150.35ec: ChangeTime: 2017-04-06T18:26:28.540421700Z
4781150.35ec: FileAttributes: 0x20
4791150.35ec: Size: 0x280e0
4801150.35ec: NT Headers: 0x108
4811150.35ec: Timestamp: 0x58da81a6
4821150.35ec: Machine: 0x8664 - amd64
4831150.35ec: Timestamp: 0x58da81a6
4841150.35ec: Image Version: 10.0
4851150.35ec: SizeOfImage: 0x2a000 (172032)
4861150.35ec: Resource Dir: 0x28000 LB 0x350
4871150.35ec: ProductName: Avast Antivirus
4881150.35ec: ProductVersion: 17.3.3443.0
4891150.35ec: FileVersion: 17.3.3443.0
4901150.35ec: FileDescription: Stream Filter
4911150.35ec: \SystemRoot\System32\drivers\aswVmm.sys:
4921150.35ec: CreationTime: 2016-06-03T17:15:04.306488500Z
4931150.35ec: LastWriteTime: 2017-04-06T18:26:08.767473300Z
4941150.35ec: ChangeTime: 2017-04-06T18:26:28.541421700Z
4951150.35ec: FileAttributes: 0x20
4961150.35ec: Size: 0x52ef0
4971150.35ec: NT Headers: 0xe8
4981150.35ec: Timestamp: 0x58da8015
4991150.35ec: Machine: 0x8664 - amd64
5001150.35ec: Timestamp: 0x58da8015
5011150.35ec: Image Version: 6.0
5021150.35ec: SizeOfImage: 0x54000 (344064)
5031150.35ec: Resource Dir: 0x51000 LB 0x390
5041150.35ec: ProductName: Avast Antivirus
5051150.35ec: ProductVersion: 17.3.3443.0
5061150.35ec: FileVersion: 17.3.3443.0
5071150.35ec: FileDescription: Avast VM Monitor
5081150.35ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5091150.35ec: Calling main()
5101150.35ec: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5111150.35ec: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5121150.35ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5131150.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5141150.35ec: SUPR3HardenedMain: Respawn #2
5151150.35ec: supR3HardNtEnableThreadCreation:
5161150.35ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd40999fa0 pvNtTerminateThread=00007ffd409c6b20
5171150.35ec: supR3HardenedWinDoReSpawn(2): New child 334c.f8c [kernel32].
5181150.35ec: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
5191150.35ec: supR3HardNtChildGatherData: PebBaseAddress=000000000094d000 cbPeb=0x388
5201150.35ec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd40920000 uNtDllChildAddr=00007ffd40920000
5211150.35ec: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd40999fa0
5221150.35ec: supR3HardenedWinSetupChildInit: Start child.
5231150.35ec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
5241150.35ec: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 34 sleeps
5251150.35ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5261150.35ec: *0000000000000000-ffffffffff94ffff 0x0001/0x0000 0x0000000
5271150.35ec: *00000000006b0000-000000000068ffff 0x0004/0x0004 0x0020000
5281150.35ec: *00000000006d0000-00000000006b9fff 0x0002/0x0002 0x0040000
5291150.35ec: 00000000006e6000-00000000006dbfff 0x0001/0x0000 0x0000000
5301150.35ec: *00000000006f0000-00000000005f4fff 0x0000/0x0004 0x0020000
5311150.35ec: 00000000007eb000-00000000007e7fff 0x0104/0x0004 0x0020000
5321150.35ec: 00000000007ee000-00000000007ebfff 0x0004/0x0004 0x0020000
5331150.35ec: *00000000007f0000-00000000007ebfff 0x0002/0x0002 0x0040000
5341150.35ec: 00000000007f4000-00000000007e7fff 0x0001/0x0000 0x0000000
5351150.35ec: *0000000000800000-00000000006b2fff 0x0000/0x0004 0x0020000
5361150.35ec: 000000000094d000-0000000000949fff 0x0004/0x0004 0x0020000
5371150.35ec: 0000000000950000-000000000089ffff 0x0000/0x0004 0x0020000
5381150.35ec: *0000000000a00000-00000000009fdfff 0x0004/0x0004 0x0020000
5391150.35ec: 0000000000a02000-ffffffff81423fff 0x0001/0x0000 0x0000000
5401150.35ec: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5411150.35ec: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5421150.35ec: 000000007fff0000-ffff800a5f8affff 0x0001/0x0000 0x0000000
5431150.35ec: *00007ff6a0730000-00007ff6a070cfff 0x0002/0x0002 0x0040000
5441150.35ec: 00007ff6a0753000-00007ff6a02d5fff 0x0001/0x0000 0x0000000
5451150.35ec: *00007ff6a0bd0000-00007ff6a0bd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5461150.35ec: 00007ff6a0bd1000-00007ff6a0c3ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5471150.35ec: 00007ff6a0c40000-00007ff6a0c40fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5481150.35ec: 00007ff6a0c41000-00007ff6a0c85fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5491150.35ec: 00007ff6a0c86000-00007ff6a0c86fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5501150.35ec: 00007ff6a0c87000-00007ff6a0c87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5511150.35ec: 00007ff6a0c88000-00007ff6a0c8cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5521150.35ec: 00007ff6a0c8d000-00007ff6a0c8dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5531150.35ec: 00007ff6a0c8e000-00007ff6a0c8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5541150.35ec: 00007ff6a0c8f000-00007ff6a0c92fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5551150.35ec: 00007ff6a0c93000-00007ff6a0cdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5561150.35ec: 00007ff6a0cdb000-00007ff001095fff 0x0001/0x0000 0x0000000
5571150.35ec: *00007ffd40920000-00007ffd40920fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5581150.35ec: 00007ffd40921000-00007ffd40a27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5591150.35ec: 00007ffd40a28000-00007ffd40a6bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5601150.35ec: 00007ffd40a6c000-00007ffd40a74fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5611150.35ec: 00007ffd40a75000-00007ffd40a82fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5621150.35ec: 00007ffd40a83000-00007ffd40a83fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5631150.35ec: 00007ffd40a84000-00007ffd40a86fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5641150.35ec: 00007ffd40a87000-00007ffd40af0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5651150.35ec: 00007ffd40af1000-00007ffa81601fff 0x0001/0x0000 0x0000000
5661150.35ec: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
5671150.35ec: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
5681150.35ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5691150.35ec: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5701150.35ec: supR3HardNtChildPurify: Done after 766 ms and 0 fixes (loop #0).
571334c.f8c: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
572334c.f8c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd40920000 g_uNtVerCombined=0xa0383900
573334c.f8c: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
574334c.f8c: New simple heap: #1 0000000000b10000 LB 0x400000 (for 1904640 allocation)
5751150.35ec: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
5761150.35ec: supR3HardNtEnableThreadCreation:
577334c.f8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
578334c.f8c: System32: \Device\HarddiskVolume2\Windows\System32
579334c.f8c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
580334c.f8c: KnownDllPath: C:\WINDOWS\System32
581334c.f8c: supR3HardenedVmProcessInit: Opening vboxdrv...
582334c.f8c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
583334c.f8c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
584334c.f8c: Registered Dll notification callback with NTDLL.
585334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
586334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
587334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
588334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3daa0000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
589334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
590334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
591334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3df90000 LB 0x000ab000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
592334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
593334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3df90000 'C:\WINDOWS\System32\KERNEL32.DLL'
594334c.f8c: supR3HardenedDllNotificationCallback: load 00007ff6a0bd0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
595334c.f8c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
596334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
597334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
598334c.f8c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd40999fa0 pvNtTerminateThread=00007ffd409c6b20
5991150.35ec: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 567 ms.
600334c.f8c: \SystemRoot\System32\ntdll.dll:
601334c.f8c: CreationTime: 2016-12-11T14:54:38.710266600Z
602334c.f8c: LastWriteTime: 2016-11-11T10:13:03.409595100Z
603334c.f8c: ChangeTime: 2017-03-18T22:21:12.371574600Z
604334c.f8c: FileAttributes: 0x20
605334c.f8c: Size: 0x1cc888
606334c.f8c: NT Headers: 0xd8
607334c.f8c: Timestamp: 0x5825887f
608334c.f8c: Machine: 0x8664 - amd64
609334c.f8c: Timestamp: 0x5825887f
610334c.f8c: Image Version: 10.0
611334c.f8c: SizeOfImage: 0x1d1000 (1904640)
612334c.f8c: Resource Dir: 0x168000 LB 0x67988
613334c.f8c: ProductName: Microsoft® Windows® Operating System
614334c.f8c: ProductVersion: 10.0.14393.479
615334c.f8c: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
616334c.f8c: FileDescription: NT Layer DLL
617334c.f8c: \SystemRoot\System32\kernel32.dll:
618334c.f8c: CreationTime: 2016-07-16T11:42:16.155721400Z
619334c.f8c: LastWriteTime: 2016-07-16T11:42:16.155721400Z
620334c.f8c: ChangeTime: 2016-09-30T07:23:25.351168200Z
621334c.f8c: FileAttributes: 0x20
622334c.f8c: Size: 0xaade8
623334c.f8c: NT Headers: 0xf0
624334c.f8c: Timestamp: 0x57899a29
625334c.f8c: Machine: 0x8664 - amd64
626334c.f8c: Timestamp: 0x57899a29
627334c.f8c: Image Version: 10.0
628334c.f8c: SizeOfImage: 0xab000 (700416)
629334c.f8c: Resource Dir: 0xa9000 LB 0x528
630334c.f8c: ProductName: Microsoft® Windows® Operating System
631334c.f8c: ProductVersion: 10.0.14393.0
632334c.f8c: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
633334c.f8c: FileDescription: Windows NT BASE API Client DLL
634334c.f8c: \SystemRoot\System32\KernelBase.dll:
635334c.f8c: CreationTime: 2017-03-17T14:42:21.397569700Z
636334c.f8c: LastWriteTime: 2017-03-04T07:22:41.598640500Z
637334c.f8c: ChangeTime: 2017-03-21T04:41:34.692734500Z
638334c.f8c: FileAttributes: 0x20
639334c.f8c: Size: 0x21c780
640334c.f8c: NT Headers: 0xf8
641334c.f8c: Timestamp: 0x58ba59e1
642334c.f8c: Machine: 0x8664 - amd64
643334c.f8c: Timestamp: 0x58ba59e1
644334c.f8c: Image Version: 10.0
645334c.f8c: SizeOfImage: 0x21d000 (2215936)
646334c.f8c: Resource Dir: 0x201000 LB 0x560
647334c.f8c: ProductName: Microsoft® Windows® Operating System
648334c.f8c: ProductVersion: 10.0.14393.953
649334c.f8c: FileVersion: 10.0.14393.953 (rs1_release_inmarket.170303-1614)
650334c.f8c: FileDescription: Windows NT BASE API Client DLL
651334c.f8c: \SystemRoot\System32\apisetschema.dll:
652334c.f8c: CreationTime: 2016-07-16T11:42:21.577586000Z
653334c.f8c: LastWriteTime: 2016-07-16T11:42:21.577586000Z
654334c.f8c: ChangeTime: 2016-09-30T07:23:17.053836300Z
655334c.f8c: FileAttributes: 0x20
656334c.f8c: Size: 0x18960
657334c.f8c: NT Headers: 0xc8
658334c.f8c: Timestamp: 0x57899bd2
659334c.f8c: Machine: 0x8664 - amd64
660334c.f8c: Timestamp: 0x57899bd2
661334c.f8c: Image Version: 10.0
662334c.f8c: SizeOfImage: 0x19000 (102400)
663334c.f8c: Resource Dir: 0x18000 LB 0x400
664334c.f8c: ProductName: Microsoft® Windows® Operating System
665334c.f8c: ProductVersion: 10.0.14393.0
666334c.f8c: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
667334c.f8c: FileDescription: ApiSet Schema DLL
668334c.f8c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
669334c.f8c: supR3HardenedWinFindAdversaries: 0x4
670334c.f8c: \SystemRoot\System32\drivers\aswHwid.sys:
671334c.f8c: CreationTime: 2016-06-03T17:15:03.248428000Z
672334c.f8c: LastWriteTime: 2017-04-06T18:26:08.289208600Z
673334c.f8c: ChangeTime: 2017-04-06T18:26:28.537422300Z
674334c.f8c: FileAttributes: 0x20
675334c.f8c: Size: 0x9598
676334c.f8c: NT Headers: 0xe8
677334c.f8c: Timestamp: 0x58da7d6b
678334c.f8c: Machine: 0x8664 - amd64
679334c.f8c: Timestamp: 0x58da7d6b
680334c.f8c: Image Version: 6.0
681334c.f8c: SizeOfImage: 0xa000 (40960)
682334c.f8c: Resource Dir: 0x8000 LB 0x388
683334c.f8c: ProductName: Avast Antivirus
684334c.f8c: ProductVersion: 17.3.3443.0
685334c.f8c: FileVersion: 17.3.3443.0
686334c.f8c: FileDescription: Avast HWID
687334c.f8c: \SystemRoot\System32\drivers\aswMonFlt.sys:
688334c.f8c: CreationTime: 2016-06-03T17:15:03.431438400Z
689334c.f8c: LastWriteTime: 2017-04-06T18:26:08.351164700Z
690334c.f8c: ChangeTime: 2017-04-06T18:26:28.538424000Z
691334c.f8c: FileAttributes: 0x20
692334c.f8c: Size: 0x1f088
693334c.f8c: NT Headers: 0xe0
694334c.f8c: Timestamp: 0x58da8012
695334c.f8c: Machine: 0x8664 - amd64
696334c.f8c: Timestamp: 0x58da8012
697334c.f8c: Image Version: 6.0
698334c.f8c: SizeOfImage: 0x25000 (151552)
699334c.f8c: Resource Dir: 0x23000 LB 0x3b0
700334c.f8c: ProductName: Avast Antivirus
701334c.f8c: ProductVersion: 17.3.3443.0
702334c.f8c: FileVersion: 17.3.3443.0
703334c.f8c: FileDescription: Avast File System Minifilter for Windows 2003/Vista
704334c.f8c: \SystemRoot\System32\drivers\aswRdr2.sys:
705334c.f8c: CreationTime: 2016-06-03T17:15:03.064417400Z
706334c.f8c: LastWriteTime: 2017-04-06T18:26:07.541108100Z
707334c.f8c: ChangeTime: 2017-04-06T18:26:28.538424000Z
708334c.f8c: FileAttributes: 0x20
709334c.f8c: Size: 0x18b20
710334c.f8c: NT Headers: 0xf0
711334c.f8c: Timestamp: 0x58da7d97
712334c.f8c: Machine: 0x8664 - amd64
713334c.f8c: Timestamp: 0x58da7d97
714334c.f8c: Image Version: 6.1
715334c.f8c: SizeOfImage: 0x1a000 (106496)
716334c.f8c: Resource Dir: 0x18000 LB 0x398
717334c.f8c: ProductName: Avast Antivirus
718334c.f8c: ProductVersion: 17.3.3443.0
719334c.f8c: FileVersion: 17.3.3443.0 built by: WinDDK
720334c.f8c: FileDescription: Avast WFP Redirect Driver
721334c.f8c: \SystemRoot\System32\drivers\aswRvrt.sys:
722334c.f8c: CreationTime: 2016-06-03T17:15:03.656451300Z
723334c.f8c: LastWriteTime: 2017-04-06T18:26:08.442470700Z
724334c.f8c: ChangeTime: 2017-04-06T18:26:28.539420800Z
725334c.f8c: FileAttributes: 0x20
726334c.f8c: Size: 0x127b8
727334c.f8c: NT Headers: 0xf0
728334c.f8c: Timestamp: 0x58da7d70
729334c.f8c: Machine: 0x8664 - amd64
730334c.f8c: Timestamp: 0x58da7d70
731334c.f8c: Image Version: 6.0
732334c.f8c: SizeOfImage: 0x13000 (77824)
733334c.f8c: Resource Dir: 0x11000 LB 0x388
734334c.f8c: ProductName: Avast Antivirus
735334c.f8c: ProductVersion: 17.3.3443.0
736334c.f8c: FileVersion: 17.3.3443.0
737334c.f8c: FileDescription: Avast Revert
738334c.f8c: \SystemRoot\System32\drivers\aswSnx.sys:
739334c.f8c: CreationTime: 2016-06-03T17:15:02.519386300Z
740334c.f8c: LastWriteTime: 2017-04-06T18:25:36.064631300Z
741334c.f8c: ChangeTime: 2017-04-06T18:26:28.539420800Z
742334c.f8c: FileAttributes: 0x20
743334c.f8c: Size: 0xf55f8
744334c.f8c: NT Headers: 0xe8
745334c.f8c: Timestamp: 0x58da7d8e
746334c.f8c: Machine: 0x8664 - amd64
747334c.f8c: Timestamp: 0x58da7d8e
748334c.f8c: Image Version: 6.0
749334c.f8c: SizeOfImage: 0xf5000 (1003520)
750334c.f8c: Resource Dir: 0xed000 LB 0x378
751334c.f8c: ProductName: Avast Antivirus
752334c.f8c: ProductVersion: 17.3.3443.0
753334c.f8c: FileVersion: 17.3.3443.0
754334c.f8c: FileDescription: Avast Virtualization Driver
755334c.f8c: \SystemRoot\System32\drivers\aswsp.sys:
756334c.f8c: CreationTime: 2016-06-03T17:15:03.886464400Z
757334c.f8c: LastWriteTime: 2017-04-06T18:26:08.527125400Z
758334c.f8c: ChangeTime: 2017-04-06T18:26:28.540421700Z
759334c.f8c: FileAttributes: 0x20
760334c.f8c: Size: 0x87ef0
761334c.f8c: NT Headers: 0xf0
762334c.f8c: Timestamp: 0x58da802a
763334c.f8c: Machine: 0x8664 - amd64
764334c.f8c: Timestamp: 0x58da802a
765334c.f8c: Image Version: 6.0
766334c.f8c: SizeOfImage: 0xac000 (704512)
767334c.f8c: Resource Dir: 0xaa000 LB 0x370
768334c.f8c: ProductName: Avast Antivirus
769334c.f8c: ProductVersion: 17.3.3443.0
770334c.f8c: FileVersion: 17.3.3443.0
771334c.f8c: FileDescription: Avast self protection module
772334c.f8c: \SystemRoot\System32\drivers\aswStm.sys:
773334c.f8c: CreationTime: 2016-06-03T17:15:04.489498900Z
774334c.f8c: LastWriteTime: 2017-04-06T18:26:09.143316800Z
775334c.f8c: ChangeTime: 2017-04-06T18:26:28.540421700Z
776334c.f8c: FileAttributes: 0x20
777334c.f8c: Size: 0x280e0
778334c.f8c: NT Headers: 0x108
779334c.f8c: Timestamp: 0x58da81a6
780334c.f8c: Machine: 0x8664 - amd64
781334c.f8c: Timestamp: 0x58da81a6
782334c.f8c: Image Version: 10.0
783334c.f8c: SizeOfImage: 0x2a000 (172032)
784334c.f8c: Resource Dir: 0x28000 LB 0x350
785334c.f8c: ProductName: Avast Antivirus
786334c.f8c: ProductVersion: 17.3.3443.0
787334c.f8c: FileVersion: 17.3.3443.0
788334c.f8c: FileDescription: Stream Filter
789334c.f8c: \SystemRoot\System32\drivers\aswVmm.sys:
790334c.f8c: CreationTime: 2016-06-03T17:15:04.306488500Z
791334c.f8c: LastWriteTime: 2017-04-06T18:26:08.767473300Z
792334c.f8c: ChangeTime: 2017-04-06T18:26:28.541421700Z
793334c.f8c: FileAttributes: 0x20
794334c.f8c: Size: 0x52ef0
795334c.f8c: NT Headers: 0xe8
796334c.f8c: Timestamp: 0x58da8015
797334c.f8c: Machine: 0x8664 - amd64
798334c.f8c: Timestamp: 0x58da8015
799334c.f8c: Image Version: 6.0
800334c.f8c: SizeOfImage: 0x54000 (344064)
801334c.f8c: Resource Dir: 0x51000 LB 0x390
802334c.f8c: ProductName: Avast Antivirus
803334c.f8c: ProductVersion: 17.3.3443.0
804334c.f8c: FileVersion: 17.3.3443.0
805334c.f8c: FileDescription: Avast VM Monitor
806334c.f8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
807334c.f8c: Calling main()
808334c.f8c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
809334c.f8c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
810334c.f8c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
811334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
812334c.f8c: SUPR3HardenedMain: Final process, opening VBoxDrv...
813334c.f8c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b10000 LB 0x400000)
814334c.f8c: supR3HardNtEnableThreadCreation:
815334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
816334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
817334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
818334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
819334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3aff0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
820334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
821334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
822334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
823334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3aff0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
824334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
825334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
826334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3aff0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
827334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3aff0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
828334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
829334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
830334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
831334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
832334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
833334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
834334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
835334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
836334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
837334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
838334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
839334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
840334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
841334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
842334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
843334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
844334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
845334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
846334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
847334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
848334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
849334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
850334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
851334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
852334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
853334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
854334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
855334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd40440000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
856334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
857334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3cd60000 LB 0x00010000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
858334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
859334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3dd90000 LB 0x000f5000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
860334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
861334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
862334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3d820000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
863334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
864334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd40260000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
865334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
866334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3d770000 LB 0x00055000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
867334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
868334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
869334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-synch-l1-2-0'
870334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
871334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-fibers-l1-1-1'
872334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
873334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-fibers-l1-1-1'
874334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
875334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-synch-l1-2-0'
876334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
877334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-localization-l1-2-1'
878334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\WINDOWS\system32\Wintrust.dll'
879334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
880334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
881334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
882334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
883334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3cca0000 LB 0x0002b000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
884334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
885334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3cca0000 'C:\WINDOWS\system32\bcrypt.dll'
886334c.f8c: bcrypt.dll loaded at 00007ffd3cca0000, BCryptOpenAlgorithmProvider at 00007ffd3cca4260, preloading providers:
887334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
888334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
889334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
890334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3cdf0000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
891334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
892334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3cdf0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
893334c.f8c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000fae970)
894334c.f8c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000faf790)
895334c.f8c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000fb0270)
896334c.f8c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000fb0540)
897334c.f8c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000fb0810)
898334c.f8c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000fb0ae0)
899334c.f8c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000fb0db0)
900334c.f8c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000fb1490)
901334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
902334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
903334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
904334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
905334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
906334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
907334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
908334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
909334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
910334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
911334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
912334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
913334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
914334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
915334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
916334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
917334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
918334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
919334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
920334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
921334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
922334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
923334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
924334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3c7d0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
925334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
926334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
927334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
928334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
929334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
930334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
931334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
932334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
933334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
934334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3c230000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
935334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
936334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
937334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
938334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
939334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
940334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3c7f0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
941334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
942334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
943334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
944334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
945334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
946334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
947334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3df90000 'C:\WINDOWS\System32\kernel32.dll'
948334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
949334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
950334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
951334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
952334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\CRYPT32.dll'
953334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3ff80000 LB 0x0001c000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
954334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
955334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
956334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
957334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
958334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
959334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3e4d0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
960334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
961334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
962334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
963334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
964334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
965334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
966334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
967334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3baa0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
968334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
969334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3cd70000 LB 0x00014000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
970334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
971334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
972334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
973334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
974334c.f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
975334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
976334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
977334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
978334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
979334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
980334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
981334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
982334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
983334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
984334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
985334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
986334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
987334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
988334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
989334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
990334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
991334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
992334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
993334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd2b210000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
994334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
995334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
996334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
997334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
998334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
999334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1000334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1001334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1002334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1003334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1004334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1005334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1006334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1007334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1008334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1009334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1010334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1011334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1012334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1013334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1014334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1015334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1016334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1017334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1018334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1019334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1020334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1021334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1022334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1023334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\WINDOWS\System32\cryptnet.dll'
1024334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1025334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\Windows\System32\cryptnet.dll'
1026334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3e040000 LB 0x000a2000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
1027334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1028334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
1029334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1030334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
1031334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1032334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1033334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1034334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1035334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1036334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1037334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1038334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1039334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1040334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1041334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1042334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1043334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1044334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1045334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1046334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1047334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1048334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000ff22f0
1049334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
1050334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0CC1880DEF521CFB586B70171713A785823BD2
1051334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1052334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1053334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40260000 'C:\WINDOWS\System32\rpcrt4.dll'
1054334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1055334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
1056334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1057334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
1058334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1059334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
1060334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1061334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
1062334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1063334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
1064334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1065334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
1066334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1067334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1068334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
1069334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1070334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1071334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1072334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1073334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1074334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1075334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5231_for_KB4015217~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\SystemRoot\System32\ntdll.dll'
1076334c.f8c: g_pfnWinVerifyTrust=00007ffd3d777ff0
1077334c.f8c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1078334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1079334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1080334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1081334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1082334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1083334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1084334c.f8c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1085334c.f8c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1086334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1087334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1088334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1089334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1090334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1091334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1092334c.f8c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1093334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1094334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1095334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1096334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1097334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1098334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1099334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
1100334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
1101334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2887B283709E29E7E5AD7830D0E43D33DF9C9C9B
1102334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1103334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1104334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1105334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1106334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1107334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1108334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1109334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1110334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1111334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1112334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1113334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1114334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1115334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1116334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1117334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1118334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1119334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1120334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1121334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1122334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1123334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1124334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1125334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1126334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1127334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1128334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1129334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1130334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1131334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1132334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1133334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1134334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1135334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1136334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1137334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1138334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1139334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1140334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1141334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1142334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1143334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1144334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1145334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1146334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1147334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
1148334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1149334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1150334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1151334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1152334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1153334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1154334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1155334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1156334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1157334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1158334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1159334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1160334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1161334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1162334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1163334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1164334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1165334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1166334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1167334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\system32\crypt32.dll'
1168334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xda985636b831be00 OU=generated by avast! antivirus for SSL/TLS scanning, O=avast! Web/Mail Shield, CN=avast! Web/Mail Shield Root
1169334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1170334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1171334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1172334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1173334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1174334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1175334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1176334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1177334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1178334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1179334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1180334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1181334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1182334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1183334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1184334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1185334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1186334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1187334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1188334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1189334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1190334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1191334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1192334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1193334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1194334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1195334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1196334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1197334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1198334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1199334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1200334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1201334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1202334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1203334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1204334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1205334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1206334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1207334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1208334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1209334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1210334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1211334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1212334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1213334c.f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1214334c.f8c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=46
1215334c.f8c: SUPR3HardenedMain: Load Runtime...
1216334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1217334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1218334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1219334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1220334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1221334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1222334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1223334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1224334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1225334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1226334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1227334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1228334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1229334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1230334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1231334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1232334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1233334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1234334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1235334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1236334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1237334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1238334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1239334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1240334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1241334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1242334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1243334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1244334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1245334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1246334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1247334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1248334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1249334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1250334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1251334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1252334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1253334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1254334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1255334c.f8c: supR3HardenedDllNotificationCallback: load 000000006e750000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1256334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1257334c.f8c: supR3HardenedDllNotificationCallback: load 000000006e630000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1258334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1259334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3e460000 LB 0x0006a000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1260334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1261334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd0cf50000 LB 0x0053c000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1262334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1263334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1264334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1265334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1266334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1267334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1268334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1269334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1270334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1271334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1272334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1273334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1274334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1275334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1276334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1277334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1278334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1279334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1280334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1281334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1282334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1283334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1284334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1285334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1286334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1287334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1288334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1289334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1290334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1291334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1292334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1293334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1294334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1295334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1296334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1297334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1298334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1299334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1300334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1301334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1302334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1303334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1304334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1305334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1306334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1307334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1308334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1309334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1310334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1311334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1312334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1313334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0cf50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1314334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\WINDOWS\system32\Wintrust.dll'
1315334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1316334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1317334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1318334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1319334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1320334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1321334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\system32\crypt32.dll'
1322334c.f8c: SUPR3HardenedMain: Load TrustedMain...
1323334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1324334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1325334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1326334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1327334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1328334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1329334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1330334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1331334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1332334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1333334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1334334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1335334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1336334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1337334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1338334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1339334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1340334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1341334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1342334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1343334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1344334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1345334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1346334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1347334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1348334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1349334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1350334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1351334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1352334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1353334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1354334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1355334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1356334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1357334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1358334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1359334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1360334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1361334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1362334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1363334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1364334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1365334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1366334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1367334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1368334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1369334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
1370334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1371334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1372334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1373334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1374334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1375334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1376334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1377334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1378334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1379334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1380334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1381334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'bcryptprimitives.dll'.
1382334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1383334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1384334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1385334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1386334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1387334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
1388334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1389334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1390334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1391334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1392334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1393334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1394334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1395334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1396334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
1397334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1398334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1399334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
1400334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1401334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1402334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1403334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1404334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1405334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1406334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1407334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1408334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1409334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1410334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1411334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
1412334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1413334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1414334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1415334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1416334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1417334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1418334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1419334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1420334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1421334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1422334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1423334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1424334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1425334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1426334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1427334c.f8c: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1428334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1429334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1430334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1431334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1432334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1433334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'user32.dll'.
1434334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #68 'gdi32.dll'.
1435334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1436334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1437334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1438334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1439334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1440334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1441334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1442334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1443334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1444334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1445334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1446334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1447334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1448334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1449334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1450334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1451334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1452334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1453334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1454334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1455334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1456334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1457334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1458334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1459334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1460334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1461334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1462334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1463334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1464334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1465334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1466334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1467334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1468334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1469334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1470334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1471334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1472334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1473334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1474334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1475334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1476334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1477334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1478334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1479334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1480334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1481334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1482334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1483334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1484334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1485334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1486334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1487334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1488334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1489334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1490334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1491334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1492334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1493334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1494334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1495334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1496334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1497334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1498334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1499334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1500334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1501334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1502334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1503334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1504334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1505334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1506334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1507334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1508334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1509334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1510334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1511334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1512334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1513334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1514334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1515334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1516334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1517334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1518334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1519334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1520334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1521334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1522334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1523334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1524334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1525334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1526334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1527334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1528334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1529334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1530334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1531334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1532334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1533334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1534334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1535334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1536334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1537334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1538334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1539334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1540334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1541334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1542334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1543334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1544334c.f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1545334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1546334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1547334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1548334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1549334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1550334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1551334c.f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1552334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1553334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1554334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1555334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1556334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1557334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1558334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1559334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1560334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1561334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1562334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1563334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1564334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1565334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1566334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1567334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1568334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1569334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1570334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1571334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1572334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1573334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1574334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1575334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1576334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1577334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1578334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1579334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1580334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1581334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1582334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1583334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1584334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1585334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1586334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1587334c.f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
1588334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1589334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
1590334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
1591334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
1592334c.f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
1593334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1594334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1595334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1596334c.f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1597334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1598334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1599334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1600334c.f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1601334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1602334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1603334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1604334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1605334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1606334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1607334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1608334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1609334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1610334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1611334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1612334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1613334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1614334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1615334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1616334c.f8c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1617334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1618334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1619334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1620334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1621334c.f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
1622334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1623334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1624334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1625334c.f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
1626334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1627334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1628334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1629334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1630334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1631334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1632334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1633334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1634334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1635334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1636334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1637334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1638334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1639334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1640334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1641334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1642334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1643334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1644334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1645334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1646334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1647334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1648334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1649334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1650334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1651334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1652334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1653334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1654334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1655334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1656334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1657334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1658334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1659334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1660334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1661334c.f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1662334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1663334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
1664334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shlwapi.dll'.
1665334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
1666334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'comctl32.dll'.
1667334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'shell32.dll'.
1668334c.f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
1669334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1670334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1671334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1672334c.f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1673334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1674334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
1675334c.f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1676334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1677334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1678334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1679334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1680334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1681334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1682334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1683334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1684334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1685334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1686334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1687334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1688334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1689334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1690334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1691334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1692334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1693334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1694334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1695334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1696334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1697334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1698334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1699334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1700334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1701334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1702334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1703334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1704334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1705334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1706334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1707334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1708334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1709334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1710334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1711334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1712334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1713334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1714334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
1715334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
1716334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1717334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1718334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1719334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1720334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1721334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1722334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1723334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1724334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1725334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1726334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1727334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1728334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1729334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1730334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1731334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1732334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1733334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1734334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1735334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1736334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1737334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1738334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1739334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1740334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1741334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1742334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1743334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1744334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1745334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1746334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1747334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1748334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1749334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1750334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1751334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1752334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1753334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1754334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1755334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1756334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1757334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1758334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1759334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1760334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1761334c.f8c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1762334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1763334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
1764334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
1765334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABE9A0F560416C701B358C7A044A7ADA2496E52
1766334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
1767334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
1768334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1769334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1770334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1771334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1772334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1773334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1774334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1775334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1776334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1777334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1778334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1779334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1780334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1781334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1782334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1783334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1784334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1785334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1786334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1787334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll)
1788334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll
1789334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1790334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1791334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3dd70000 LB 0x0001e000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1792334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1793334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd400e0000 LB 0x00165000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1794334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3ce60000 LB 0x00182000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1795334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
1796334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1797334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
1798334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1799334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1800334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3e530000 LB 0x00034000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1801334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1802334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3afd0000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1803334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1804334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd2d0f0000 LB 0x000f7000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0]
1805334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1806334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd34100000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1807334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1808334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd25c70000 LB 0x00123000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1809334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1810334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3d7d0000 LB 0x00042000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1811334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1812334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1813334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3e190000 LB 0x002c8000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1814334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1815334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3cda0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1816334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1817334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
1818334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1819334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3fae0000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1820334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1821334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3cd90000 LB 0x0000f000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1822334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1823334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1824334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1825334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1826334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3dcc0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1827334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1828334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
1829334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'combase.dll'.
1830334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1831334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1832334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3d090000 LB 0x006da000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1833334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1834334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
1835334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
1836334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'profapi.dll'.
1837334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1838334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1839334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3e5d0000 LB 0x01509000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1840334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1841334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3ffa0000 LB 0x00137000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1842334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1843334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd30a60000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1844334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1845334c.f8c: supR3HardenedDllNotificationCallback: load 000000006c930000 LB 0x00566000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1846334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1847334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd09d40000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1848334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1849334c.f8c: supR3HardenedDllNotificationCallback: load 000000006c3c0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1850334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1851334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd2bfd0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1852334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1853334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd2b240000 LB 0x000ac000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\COMCTL32.dll [fFlags=0x0]
1854334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll [avoiding WinVerifyTrust]
1855334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3de90000 LB 0x000fa000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
1856334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1857334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd310e0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1858334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1859334c.f8c: supR3HardenedDllNotificationCallback: load 000000006e430000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1860334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1861334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3cff0000 LB 0x0009c000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1862334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1863334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd404e0000 LB 0x000bf000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1864334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1865334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3ae00000 LB 0x0002b000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1866334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1867334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3ae30000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1868334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1869334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd0c660000 LB 0x008e8000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1870334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1871334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
1872334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
1873334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
1874334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
1875334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
1876334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
1877334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
1878334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
1879334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1880334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
1881334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1882334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1883334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll'.
1884334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_0d5aa7fbb6d35646\comctl32.dll' [rescheduled]
1885334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1886334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
1887334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1888334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
1889334c.f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1890334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
1891334c.f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1892334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
1893334c.f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
1894334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
1895334c.f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1896334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1897334c.f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
1898334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
1899334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1900334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1901334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1902334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1903334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1904334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1905334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1906334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1907334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1908334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1909334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1910334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
1911334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1912334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1913334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'win32u.dll'.
1914334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1915334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1916334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1917334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1918334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1919334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1920334c.f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1921334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1922334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1923334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1924334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1925334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1926334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1927334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1928334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1929334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1930334c.f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1931334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1932334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1933334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1934334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1935334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1936334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1937334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1938334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1939334c.f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1940334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1941334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1942334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1943334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1944334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1945334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1946334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1947334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1948334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1949334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1950334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1951334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1952334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1953334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1954334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1955334c.f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1956334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1957334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1958334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1959334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1960334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1961334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1962334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1963334c.f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1964334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1965334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1966334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1967334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1968334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1969334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1970334c.f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1971334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1972334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1973334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1974334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1975334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd40410000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
1976334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1977334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40410000 'C:\WINDOWS\system32\IMM32.DLL'
1978334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1979334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1980334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1981334c.f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1982334c.f8c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
1983334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1984334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40410000 'C:\WINDOWS\System32\imm32.dll'
1985334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1986334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1987334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3df90000 'C:\WINDOWS\System32\kernel32.dll'
1988334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1989334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-string-l1-1-0'
1990334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1991334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-datetime-l1-1-1'
1992334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1993334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1994334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1995334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1996334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e040000 'C:\WINDOWS\System32\ADVAPI32.DLL'
1997334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0c660000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1998334c.f8c: SUPR3HardenedMain: Calling TrustedMain (00007ffd0c661610)...
1999334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2000334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2001334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2002334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2003334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2004334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2005334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2006334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2007334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2008334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2009334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2010334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2011334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2012334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2013334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2014334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2015334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2016334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2017334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2018334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2019334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2020334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2021334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2022334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2023334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2024334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2025334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2026334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2027334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2028334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2029334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2030334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2031334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2032334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2033334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2034334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2035334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
2036334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2037334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2038334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
2039334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2040334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2041334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2042334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2043334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2044334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2045334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2046334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
2047334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2048334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2049334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
2050334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2051334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2052334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd1d300000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2053334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2054334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1d300000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2055334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2056334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2057334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2058334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5062D9B170D174E6DFFCD301D2C820A76C92F7CA
2059334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2060334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2061334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2062334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2063334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2064334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
2065334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
2066334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2067334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2068334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2069334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2070334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2071334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2072334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2073334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2074334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2075334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2076334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2077334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3b2f0000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2078334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2079334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3b2f0000 'C:\WINDOWS\system32\uxtheme.dll'
2080334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd400e0000 'C:\WINDOWS\system32\user32.dll'
2081334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2082334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2083334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
2084334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
2085334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2086334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2087334c.f8c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
2088334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2089334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dcc0000 'C:\WINDOWS\system32\SHCore.dll'
2090334c.f8c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2091334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2092334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
2093334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2094334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'win32u.dll'.
2095334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
2096334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
2097334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
2098334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2099334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3a9a0000 LB 0x00026000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2100334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2101334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2102334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2103334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2104334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2105334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2106334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2107334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2108334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2109334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2110334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2111334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2112334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
2113334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2114334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2115334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\system32\winmm.dll'
2116334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2117334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2118334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\system32\winmm.dll'
2119334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2120334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2121334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
2122334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2123334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2124334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3b2f0000 'C:\WINDOWS\system32\uxtheme.dll'
2125334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2126334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2127334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e040000 'C:\WINDOWS\system32\advapi32.dll'
2128334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2129334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2130334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2131334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'profapi.dll'.
2132334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
2133334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
2134334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2135334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2136334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2137334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2138334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2139334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2140334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2141334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3c4b0000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2142334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2143334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c4b0000 'C:\WINDOWS\system32\userenv.dll'
2144334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2145334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2146334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3df90000 'C:\WINDOWS\System32\kernel32.dll'
2147334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3e0f0000 LB 0x0009f000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2148334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2149334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2150334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
2151334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2152334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2153334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2154334c.35a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2155334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2156334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2157334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2158334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2159334c.35a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2160334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2161334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2162334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2163334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2164334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2165334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2166334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2167334c.35a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2168334c.35a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2169334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2170334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2171334c.35a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2172334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2173334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2174334c.35a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2175334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2176334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2177334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2178334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2179334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2180334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2181334c.35a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2182334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2183334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2184334c.35a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2185334c.35a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2186334c.35a0: supR3HardenedDllNotificationCallback: load 00007ffd08780000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2187334c.35a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2188334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd08780000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2189334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2190334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2191334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2192334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2193334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2194334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2195334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2196334c.35a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2197334c.35a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2198334c.35a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2199334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2200334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2201334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2202334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2203334c.35a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2204334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2205334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2206334c.35a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2207334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2208334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2209334c.35a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
2210334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2211334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2212334c.35a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
2213334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2214334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2215334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2216334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2217334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2218334c.35a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2219334c.35a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2220334c.35a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2221334c.35a0: supR3HardenedDllNotificationCallback: load 00007ffd25bb0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2222334c.35a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2223334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd25bb0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2224334c.35a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2225334c.35a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2226334c.35a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd404e0000 'C:\Windows\System32\oleaut32.dll'
2227334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e530000 'C:\WINDOWS\system32\gdi32.dll'
2228334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2229334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2230334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2231334c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2232334c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2233334c.448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
2234334c.448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2235334c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2236334c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2237334c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2238334c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2239334c.448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2240334c.448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2241334c.448: supR3HardenedDllNotificationCallback: load 00007ffd3ab40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
2242334c.448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2243334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ab40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
2244334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2245334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2246334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
2247334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd40600000 LB 0x0015a000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2248334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2249334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
2250334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
2251334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
2252334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'imm32.dll'.
2253334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
2254334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
2255334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2256334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2257334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2258334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2259334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2260334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2261334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2262334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2263334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2264334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2265334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2266334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2267334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2268334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2269334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
2270334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c0 pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2271334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2272334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2273334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F41B1C1088B7141EC40BC3A829C8A08D763971F
2274334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2275334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2276334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1385_for_KB4013429~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
2277334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2278334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2279334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2280334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
2281334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd3d11.dll'.
2282334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dcomp.dll'.
2283334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
2284334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2285334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2286334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2287334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2288334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2289334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2290334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2291334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
2292334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2293334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2294334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2295334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2296334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2297334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2298334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2299334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2300334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2301334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2302334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2303334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
2304334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'.
2305334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
2306334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2307334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2308334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2309334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
2310334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
2311334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2312334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2313334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2314334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2315334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2316334c.f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
2317334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2318334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2319334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
2320334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
2321334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2322334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2323334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2324334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2325334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2326334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2327334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2328334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2329334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2330334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2331334c.f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
2332334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2333334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2334334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
2335334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2336334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2337334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2338334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2339334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2340334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2341334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2342334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3bb30000 LB 0x0009f000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2343334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
2344334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd39440000 LB 0x002b6000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2345334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
2346334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3a9d0000 LB 0x00151000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2347334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
2348334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd27090000 LB 0x00049000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2349334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
2350334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd27090000 'C:\WINDOWS\system32\dataexchange.dll'
2351334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2352334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2353334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'
2354334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2355334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2356334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
2357334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
2358334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
2359334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
2360334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd3b5d0000 LB 0x0011c000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2361334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2362334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2363334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2364334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
2365334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2366334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2367334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2368334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2369334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2370334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2371334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2372334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2373334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2374334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
2375334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2376334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2377334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40600000 'C:\WINDOWS\System32\MSCTF.dll'
2378334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
2379334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
2380334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2381334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2382334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ffa0000 'C:\WINDOWS\System32\ole32.dll'
2383334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2384334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2385334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd404e0000 'C:\WINDOWS\System32\OLEAUT32.dll'
2386334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a6c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2387334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2388334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2389334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A290917802D4CF47EA48D3329EF360233350A583
2390334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2391334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2392334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2393334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2394334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2395334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2396334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2397334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2398334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2399334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2400334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2401334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a88 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2402334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2403334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2404334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9C43FEE2E561B2B0F306322C4D857AFC8E83D17B
2405334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2406334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2407334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2408334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2409334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2410334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
2411334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
2412334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2413334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2414334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2415334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2416334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2417334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2418334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2419334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2420334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2421334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2422334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2423334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2424334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
2425334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2426334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2427334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2428334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2429334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2430334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd30b00000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2431334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2432334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd2dbb0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2433334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2434334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2435334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2436334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2dbb0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2437334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a64 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2438334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2439334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2440334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD02F2EC1572091695F4D052CCF68BAA380A2D88
2441334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2442334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2443334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2444334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2445334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2446334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2447334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2448334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2449334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2450334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2451334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2452334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2453334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2454334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2455334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd2dc70000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2456334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2457334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2dc70000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2458334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2459334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-localization-l1-2-0.dll'
2460334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2461334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3daa0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2462334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2463334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2464334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2465334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=37158B4AFADBDB40075A00539346B570E4EDE30C
2466334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2467334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2468334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-onecore-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2469334c.f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2470334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2471334c.f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2472334c.f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2473334c.f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2474334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2475334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2476334c.f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2477334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2478334c.f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2479334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2480334c.f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2481334c.f8c: supR3HardenedDllNotificationCallback: load 00007ffd2b9a0000 LB 0x000f4000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2482334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2483334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b9a0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2484334c.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2485334c.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2486334c.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2487334c.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2488334c.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2489334c.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2490334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2491334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2492334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2493334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2494334c.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2495334c.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2496334c.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2497334c.2f14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2498334c.2f14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2499334c.2f14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2500334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2501334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2502334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2503334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2504334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2505334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2506334c.2f14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2507334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2508334c.2f14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2509334c.2f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2510334c.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2511334c.2f14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2512334c.2f14: supR3HardenedDllNotificationCallback: load 000000006c2b0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2513334c.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2514334c.2f14: supR3HardenedDllNotificationCallback: load 00007ffd11890000 LB 0x002a0000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2515334c.2f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2516334c.2f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd11890000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2517334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2518334c.1dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2519334c.1dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2520334c.1dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2521334c.1dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2522334c.1dec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2523334c.1dec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2524334c.1dec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2525334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2526334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2527334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2528334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2529334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2530334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2531334c.1dec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2532334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2533334c.1dec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2534334c.1dec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2535334c.1dec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2536334c.1dec: supR3HardenedDllNotificationCallback: load 00007ffd38e60000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2537334c.1dec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2538334c.1dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38e60000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2539334c.1dec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd400e0000 'C:\WINDOWS\system32\User32.dll'
2540334c.1d50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2541334c.1d50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2542334c.1d50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2543334c.1d50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2544334c.1d50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2545334c.1d50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2546334c.1d50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2547334c.1d50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2548334c.1d50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2549334c.1d50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2550334c.1d50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2551334c.1d50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2552334c.1d50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2553334c.1d50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2554334c.1d50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2555334c.1d50: supR3HardenedDllNotificationCallback: load 00007ffd37be0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2556334c.1d50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2557334c.1d50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37be0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2558334c.156c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2559334c.156c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2560334c.156c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2561334c.156c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2562334c.156c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2563334c.156c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2564334c.156c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2565334c.156c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2566334c.156c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2567334c.156c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2568334c.156c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2569334c.156c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2570334c.156c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2571334c.156c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2572334c.156c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2573334c.156c: supR3HardenedDllNotificationCallback: load 00007ffd37bd0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2574334c.156c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2575334c.156c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2576334c.20e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2577334c.20e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2578334c.20e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2579334c.20e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2580334c.20e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2581334c.20e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2582334c.20e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2583334c.20e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2584334c.20e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2585334c.20e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2586334c.20e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2587334c.20e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2588334c.20e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2589334c.20e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2590334c.20e4: supR3HardenedDllNotificationCallback: load 00007ffd37ab0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2591334c.20e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2592334c.20e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37ab0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2593334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\Shell32.dll'
2594334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2595334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2596334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd11890000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2597334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2598334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2599334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2600334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2601334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2602334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2603334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2604334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2605334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2606334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2607334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2608334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2609334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2610334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2611334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2612334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2613334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2614334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2615334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2616334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2617334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2618334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2619334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd2df50000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2620334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2621334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2df50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2622334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd2df50000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2623334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2624334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2625334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2626334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2627334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2628334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2629334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2630334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2631334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2632334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2633334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2634334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2635334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2636334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2637334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2638334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2639334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2640334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2641334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2642334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2643334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2644334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2645334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2646334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2647334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2648334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2649334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2650334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2651334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2652334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2653334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2654334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
2655334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'cfgmgr32.dll'.
2656334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2657334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2658334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2659334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2660334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2661334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2662334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2663334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2664334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
2665334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2666334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2667334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2668334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2669334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2670334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2671334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2672334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2673334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2674334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2675334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2676334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2677334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2678334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2679334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2680334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2681334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2682334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2683334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2684334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2685334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2686334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2687334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2688334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2689334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2690334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2691334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2692334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2693334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2694334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2695334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2696334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2697334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2698334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2699334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2700334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2701334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2702334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2703334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2704334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2705334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2706334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2707334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2708334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2709334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2710334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2711334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2712334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd3fb40000 LB 0x00429000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
2713334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2714334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd2f900000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2715334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2716334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd2df40000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2717334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2718334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd3c3b0000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2719334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2720334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd02320000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2721334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2722334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd02320000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2723334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2724334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2725334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2726334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2727334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd27430000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2728334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2729334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd27430000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2730334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2731334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2732334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2733334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd08780000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2734334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2735334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2736334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2737334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2df40000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2738334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2739334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2740334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2741334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2742334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2743334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2744334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2745334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2746334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2747334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2748334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2749334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2750334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd37190000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2751334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2752334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37190000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2753334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2754334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2755334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2756334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2757334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2758334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2759334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2760334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2761334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2762334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2763334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2764334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2765334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd338c0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2766334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2767334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd338c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2768334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2769334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2770334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2771334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2772334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2773334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2774334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2775334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2776334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2777334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2778334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2779334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2780334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd31f90000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2781334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2782334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd31f90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2783334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2784334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2785334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2786334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2787334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2788334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2789334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2790334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2791334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2792334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2793334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2794334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2795334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd31f70000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2796334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2797334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd31f70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2798334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2799334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2800334c.304c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2801334c.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2802334c.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2803334c.304c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2804334c.304c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2805334c.304c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2806334c.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2807334c.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2808334c.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2809334c.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2810334c.304c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2811334c.304c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2812334c.304c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2813334c.304c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2814334c.304c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2815334c.304c: supR3HardenedDllNotificationCallback: load 00007ffd37a20000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2816334c.304c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2817334c.304c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37a20000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2818334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2819334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2820334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2821334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2822334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2823334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2824334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2825334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2826334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2827334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2828334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2829334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2830334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2831334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2832334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2833334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2834334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2835334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2836334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2837334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2838334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2839334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2840334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd15450000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2841334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2842334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd15450000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2843334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2844334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2845334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c3b0000 'C:\WINDOWS\system32\Iphlpapi.dll'
2846334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2847334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2848334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
2849334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2850334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd40250000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2851334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
2852334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
2853334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd37890000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
2854334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
2855334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2856334c.1b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)
2857334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2858334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd37720000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
2859334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
2860334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2861334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2862334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
2863334c.1b84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)
2864334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2865334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd37650000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
2866334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
2867334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
2868334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2869334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2870334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D280CDF967AD5FF8409BEF96F4C54C1E47D620AC
2871334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2872334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2873334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2874334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2875334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2876334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2877334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2878334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2879334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2880334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2881334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2882334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2883334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2884334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2885334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2886334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2887334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2888334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1551_for_KB4013429~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2889334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2890334c.1b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
2891334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e9c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
2892334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2893334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2894334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2D1E4C0F8001689DAD3880BC6AABF203D6F2118
2895334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2896334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2897334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1551_for_KB4013429~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2898334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2899334c.1b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
2900334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2901334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2902334c.1b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
2903334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2904334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2905334c.1b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2906334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f6c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2907334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2908334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2909334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1D44ABC92F5DCFB6E0C03CA5B293AF8332666805
2910334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2911334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2912334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-multimedia-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2913334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2914334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2915334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'winmm.dll'.
2916334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2917334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2918334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2919334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2920334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2921334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2922334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2923334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2924334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2925334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd39170000 LB 0x0009b000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
2926334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2927334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2928334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2929334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39170000 'C:\WINDOWS\System32\dsound.dll'
2930334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39170000 'C:\WINDOWS\System32\dsound.dll'
2931334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2932334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2933334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39170000 'C:\WINDOWS\system32\dsound.dll'
2934334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2935334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2936334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2937334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2938334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'devobj.dll'.
2939334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'propsys.dll'.
2940334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2941334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2942334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2943334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2944334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2945334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2946334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2947334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2948334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2949334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
2950334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
2951334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2952334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2953334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2954334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2955334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2956334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2957334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2958334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2959334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2960334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2961334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2962334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2963334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'cfgmgr32.dll'.
2964334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
2965334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2966334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2967334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2968334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2969334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2970334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2971334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2972334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
2973334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2974334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2975334c.1b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2976334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2977334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2978334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2979334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2980334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd3b7e0000 LB 0x00028000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
2981334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2982334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd3a720000 LB 0x00185000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
2983334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2984334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd37c30000 LB 0x00071000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
2985334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2986334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37c30000 'C:\WINDOWS\System32\MMDevApi.dll'
2987334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2988334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2989334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37c30000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
2990334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2991334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2992334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
2993334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d84 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2994334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
2995334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
2996334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0F8D22D5C750466D80CDF20856C3802D0D00236D
2997334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
2998334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
2999334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MMECoreWdmAudio-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
3000334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3001334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3002334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ksuser.dll'.
3003334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'avrt.dll'.
3004334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'mmdevapi.dll'.
3005334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
3006334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3007334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3008334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3009334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3010334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3011334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3012334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3013334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3014334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
3015334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
3016334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3017334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3018334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3019334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3020334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3021334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
3022334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3023334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3024334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3025334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3026334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3027334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3028334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3029334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3030334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3031334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd38d80000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3032334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3033334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd393d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3034334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3035334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd33900000 LB 0x0003f000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3036334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3037334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3038334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3039334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3040334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3041334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3042334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3043334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3044334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3045334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3046334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3047334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3048334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3049334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3050334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3051334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3052334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3053334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
3054334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
3055334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'mmdevapi.dll'.
3056334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3057334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3058334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3059334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3060334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3061334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3062334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3063334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3064334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3065334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3066334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3067334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3068334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3069334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
3070334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3071334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcryptprimitives.dll'.
3072334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
3073334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
3074334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd39f60000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
3075334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
3076334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd372f0000 LB 0x00094000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3077334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3078334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd372f0000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3079334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
3080334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
3081334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
3082334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3083334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3084334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3085334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3086334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
3087334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3088334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3089334c.1b84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
3090334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3091334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3092334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3093334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3094334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3095334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3096334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33900000 'C:\WINDOWS\System32\wdmaud.drv'
3097334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eac pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3098334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3099334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3100334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E21D9CCCA6678DDCF4BCCDCC18C3601831BA444
3101334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3102334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3103334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-multimedia-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3104334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3105334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3106334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'mmdevapi.dll'.
3107334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msacm32.dll'.
3108334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmmbase.dll'.
3109334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3110334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3111334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3112334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3113334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
3114334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3115334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3116334c.1b84: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
3117334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3118334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3119334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3120334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3121334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3122334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3123334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3124334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3125334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3126334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3127334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3128334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3129334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3130334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3131334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3132334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3133334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3134334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd37bb0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3135334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3136334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd38d70000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3137334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3138334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3139334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3140334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3141334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3142334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3143334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3144334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3145334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3146334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3147334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3148334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3149334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3150334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3151334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3152334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3153334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3154334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3155334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3156334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3157334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3158334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3159334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d70000 'C:\WINDOWS\System32\msacm32.drv'
3160334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000da4 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3161334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3162334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3163334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E694D4B2A8B1B0C34C65DD7336FA886E9C3D53EF
3164334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3165334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3166334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-multimedia-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3167334c.1b84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3168334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3169334c.1b84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
3170334c.1b84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3171334c.1b84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3172334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3173334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3174334c.1b84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3175334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3176334c.1b84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3177334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3178334c.1b84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3179334c.1b84: supR3HardenedDllNotificationCallback: load 00007ffd38d60000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3180334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3181334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d60000 'C:\WINDOWS\System32\midimap.dll'
3182334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3183334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3184334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d60000 'C:\WINDOWS\System32\midimap.dll'
3185334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3186334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3187334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d60000 'C:\WINDOWS\System32\midimap.dll'
3188334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3189334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3190334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38d60000 'C:\WINDOWS\System32\midimap.dll'
3191334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3192334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3193334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3194334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3195334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3196334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3197334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3198334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3199334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39170000 'C:\WINDOWS\system32\dsound.dll'
3200334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3201334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3202334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3203334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3204334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3205334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3206334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3207334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3208334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39170000 'C:\WINDOWS\system32\dsound.dll'
3209334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3ae30000 'C:\WINDOWS\System32\winmm.dll'
3210334c.1b84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3211334c.1b84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3212334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd11890000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3213334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3214334c.1b84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3215334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3216334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3217334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3218334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3219334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
3220334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3221334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3222334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3223334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3224334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e5d0000 'C:\WINDOWS\system32\shell32.dll'
3225334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001188 pwszName=\Device\HarddiskVolume2\Windows\System32\actxprxy.dll
3226334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3227334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3228334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
3229334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\CRYPT32.dll'
3230334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=227D0ADCA54FB67B36BF7077114551E58D62EEF9
3231334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3232334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3233334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1124_for_KB4013429~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\actxprxy.dll'
3234334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3235334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3236334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
3237334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
3238334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\actxprxy.dll) WinVerifyTrust
3239334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\actxprxy.dll
3240334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3241334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3242334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
3243334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3244334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3245334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3246334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3247334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ActXPrxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3248334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\actxprxy.dll
3249334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd2bc60000 LB 0x00365000 C:\Windows\System32\ActXPrxy.dll [fFlags=0x0]
3250334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\actxprxy.dll
3251334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2bc60000 'C:\Windows\System32\ActXPrxy.dll'
3252334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3253334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'iertutil.dll'.
3254334c.36b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\urlmon.dll)
3255334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\urlmon.dll
3256334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3257334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll)
3258334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\iertutil.dll
3259334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd331d0000 LB 0x002a2000 C:\WINDOWS\SYSTEM32\iertutil.dll [fFlags=0x0]
3260334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
3261334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd2c920000 LB 0x001c2000 C:\WINDOWS\SYSTEM32\urlmon.dll [fFlags=0x0]
3262334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\urlmon.dll [avoiding WinVerifyTrust]
3263334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3264334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3265334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
3266334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
3267334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [lacks WinVerifyTrust]
3268334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3269334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3270334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3271334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3272334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\iertutil.dll'
3273334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b0 pwszName=\Device\HarddiskVolume2\Windows\System32\urlmon.dll
3274334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3275334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3276334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8E1EE52CD3B204510E8AE2F7D746B41A00CA448
3277334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3278334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3279334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2661_for_KB4015438~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\urlmon.dll'
3280334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3281334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\urlmon.dll'
3282334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd400e0000 'C:\WINDOWS\System32\user32.dll'
3283334c.1e28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010e8 pwszName=\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3284334c.1e28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3285334c.1e28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3286334c.1e28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9E4946ABC90B40DA5FADCE200D53DA140B2984D
3287334c.1e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3288334c.1e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3289334c.1e28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Shell-ServiceHostBuilder-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
3290334c.1e28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3291334c.1e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3292334c.1e28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
3293334c.1e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll) WinVerifyTrust
3294334c.1e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3295334c.1e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3296334c.1e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3297334c.1e28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3298334c.1e28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3299334c.1e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3300334c.1e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3301334c.1e28: supR3HardenedDllNotificationCallback: load 00007ffd33890000 LB 0x00019000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [fFlags=0x0]
3302334c.1e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.Shell.ServiceHostBuilder.dll
3303334c.1e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd33890000 'C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll'
3304334c.1e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
3305334c.1e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WinTypes.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3306334c.1e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39f60000 'C:\Windows\System32\WinTypes.dll'
3307334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001248 pwszName=\Device\HarddiskVolume2\Windows\System32\ieframe.dll
3308334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3309334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3310334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DC4CDB19357F16260F78343FA82F60B3BC0DCDA0
3311334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3312334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3313334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3666_for_KB4015438~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ieframe.dll'
3314334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3315334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
3316334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
3317334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
3318334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'gdi32.dll'.
3319334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'user32.dll'.
3320334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
3321334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
3322334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'shell32.dll'.
3323334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'iertutil.dll'.
3324334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
3325334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'netapi32.dll'.
3326334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'version.dll'.
3327334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ieframe.dll) WinVerifyTrust
3328334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ieframe.dll
3329334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3330334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3331334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3332334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3333334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3334334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
3335334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
3336334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
3337334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
3338334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
3339334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3340334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3341334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3342334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3343334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3344334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3345334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll) WinVerifyTrust
3346334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
3347334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3348334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3349334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'...
3350334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' [rcNtRedir=0xc0150008]
3351334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll
3352334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
3353334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
3354334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3355334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3356334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3357334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3358334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3359334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3360334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3361334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3362334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3363334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3364334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3365334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3366334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
3367334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
3368334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
3369334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3370334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3371334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ieframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3372334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
3373334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll
3374334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3375334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netutils.dll)
3376334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netutils.dll
3377334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
3378334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3379334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wkscli.dll)
3380334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
3381334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd390c0000 LB 0x00018000 C:\Windows\System32\NETAPI32.dll [fFlags=0x0]
3382334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll
3383334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd30b80000 LB 0x0000a000 C:\Windows\System32\VERSION.dll [fFlags=0x0]
3384334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3385334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd3c3f0000 LB 0x0000d000 C:\Windows\System32\NETUTILS.DLL [fFlags=0x0]
3386334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
3387334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd34ed0000 LB 0x00016000 C:\Windows\System32\WKSCLI.DLL [fFlags=0x0]
3388334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wkscli.dll [avoiding WinVerifyTrust]
3389334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd08c80000 LB 0x00c88000 C:\Windows\System32\ieframe.dll [fFlags=0x0]
3390334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ieframe.dll
3391334c.36b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\wkscli.dll'.
3392334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\wkscli.dll' [rescheduled]
3393334c.36b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\netutils.dll'.
3394334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\netutils.dll' [rescheduled]
3395334c.36b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll'.
3396334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3397334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'.
3398334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'user32.dll'.
3399334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll)
3400334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll
3401334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3402334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3403334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3404334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3405334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3406334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3407334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3408334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3409334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3410334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3411334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
3412334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
3413334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll [avoiding WinVerifyTrust]
3414334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd2d930000 LB 0x0027a000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll [fFlags=0x0]
3415334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll [avoiding WinVerifyTrust]
3416334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2d930000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll'
3417334c.36b8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll'.
3418334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b\comctl32.dll' [rescheduled]
3419334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd08c80000 'C:\Windows\System32\ieframe.dll'
3420334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3421334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\PROPSYS.dll (Input=PROPSYS.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3422334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\WINDOWS\System32\PROPSYS.dll'
3423334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3424334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3425334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\WINDOWS\system32\propsys.dll'
3426334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-ole32-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3427334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3e190000 'api-ms-win-downlevel-ole32-l1-1-0.dll'
3428334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3429334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
3430334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'oleaut32.dll'.
3431334c.36b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\edputil.dll)
3432334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\edputil.dll
3433334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd2de20000 LB 0x00042000 C:\WINDOWS\SYSTEM32\edputil.dll [fFlags=0x0]
3434334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
3435334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001208 pwszName=\Device\HarddiskVolume2\Windows\System32\edputil.dll
3436334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3437334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3438334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A760798D8DE50C0EDE4D624E5EF50CE93D993381
3439334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3440334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3441334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3442334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3443334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
3444334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3445334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3446334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3447334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3448334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecoreuap~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\edputil.dll'
3449334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3450334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\edputil.dll'
3451334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000126c pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll
3452334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3453334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3454334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=481C238D443BEF703F93F49A64AA16DC829C0DF4
3455334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3456334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3457334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll'
3458334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3459334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\secur32.dll) WinVerifyTrust
3460334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\secur32.dll
3461334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\Secur32.dll (Input=Secur32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3462334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
3463334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd30d00000 LB 0x0000c000 C:\WINDOWS\System32\Secur32.dll [fFlags=0x0]
3464334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
3465334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd30d00000 'C:\WINDOWS\System32\Secur32.dll'
3466334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3467334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sspicli.dll)
3468334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sspicli.dll
3469334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd3c9d0000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
3470334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
3471334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3472334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3473334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3474334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3475334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sspicli.dll'
3476334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll
3477334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3478334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c9d0000 'C:\WINDOWS\System32\sspicli.dll'
3479334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012e8 pwszName=\Device\HarddiskVolume2\Windows\System32\mlang.dll
3480334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3481334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3482334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1510140FD9253388C3880871DD0233BAA0590D68
3483334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3484334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3485334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-onecore~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mlang.dll'
3486334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3487334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3488334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mlang.dll) WinVerifyTrust
3489334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mlang.dll
3490334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3491334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3492334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MLANG.dll (Input=MLANG.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3493334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mlang.dll
3494334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd2f0d0000 LB 0x0003f000 C:\WINDOWS\System32\MLANG.dll [fFlags=0x0]
3495334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mlang.dll
3496334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2f0d0000 'C:\WINDOWS\System32\MLANG.dll'
3497334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-shlwapi-l2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3498334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3dcc0000 'api-ms-win-downlevel-shlwapi-l2-1-0.dll'
3499334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001318 pwszName=\Device\HarddiskVolume2\Windows\System32\wininet.dll
3500334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3501334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3502334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C404CED22E9ADA05799AA12370B7B34ACDDC3D3
3503334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3504334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3505334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2661_for_KB4015438~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wininet.dll'
3506334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3507334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3508334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wininet.dll) WinVerifyTrust
3509334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wininet.dll
3510334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3511334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3512334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WININET.dll (Input=WININET.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3513334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll
3514334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd2e7e0000 LB 0x002ca000 C:\WINDOWS\System32\WININET.dll [fFlags=0x0]
3515334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll
3516334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2e7e0000 'C:\WINDOWS\System32\WININET.dll'
3517334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
3518334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3519334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3520334c.36b8: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'
3521334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3522334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d090000 'C:\WINDOWS\system32\windows.storage.dll'
3523334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'chrome_elf.dll'.
3524334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
3525334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'psapi.dll'.
3526334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
3527334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3528334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
3529334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winmm.dll'.
3530334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'userenv.dll'.
3531334c.36b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'winhttp.dll'.
3532334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe)
3533334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe
3534334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winhttp.dll'...
3535334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winhttp.dll' -> '\Device\HarddiskVolume2\Windows\System32\winhttp.dll' [rcNtRedir=0xc0150008]
3536334c.36b8: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winhttp.dll'.
3537334c.36b8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winhttp.dll)
3538334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winhttp.dll
3539334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
3540334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
3541334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
3542334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3543334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3544334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3545334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3546334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
3547334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3548334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3549334c.36b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
3550334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
3551334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
3552334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
3553334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
3554334c.36b8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
3555334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
3556334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
3557334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3558334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3559334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'chrome_elf.dll'...
3560334c.36b8: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'chrome_elf.dll'
3561334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3562334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3563334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2b210000 'C:\Windows\System32\cryptnet.dll'
3564334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe'
3565334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3566334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3567334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll'
3568334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001348 pwszName=\Device\HarddiskVolume2\Windows\System32\winhttp.dll
3569334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3570334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3571334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A6D1514AAD9E5BB1E4EC51CB385F48F8813D9E97
3572334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3573334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3574334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1579_for_KB4013429~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\winhttp.dll'
3575334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3576334c.36b8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winhttp.dll'
3577334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001274 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
3578334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000ff22f0
3579334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000ff22f0
3580334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F9CC406315314E27C7FDB4238F288080DF7A149
3581334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3582334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3583334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppCompat-Core-base-Package~31bf3856ad364e35~amd64~~10.0.14393.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
3584334c.36b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3585334c.36b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
3586334c.36b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3587334c.36b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3588334c.36b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3589334c.36b8: supR3HardenedDllNotificationCallback: load 00007ffd3b030000 LB 0x0007a000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
3590334c.36b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3591334c.36b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3b030000 'C:\WINDOWS\system32\apphelp.dll'
3592334c.36b8: supR3HardenedDllNotificationCallback: Unload 00007ffd08c80000 LB 0x00c88000 C:\Windows\System32\ieframe.dll [flags=0x0]
3593334c.36b8: supR3HardenedDllNotificationCallback: Unload 00007ffd390c0000 LB 0x00018000 C:\Windows\System32\NETAPI32.dll [flags=0x0]
3594334c.36b8: supR3HardenedDllNotificationCallback: Unload 00007ffd30b80000 LB 0x0000a000 C:\Windows\System32\VERSION.dll [flags=0x0]
3595334c.36b8: supR3HardenedDllNotificationCallback: Unload 00007ffd3c3f0000 LB 0x0000d000 C:\Windows\System32\NETUTILS.DLL [flags=0x0]
3596334c.36b8: supR3HardenedDllNotificationCallback: Unload 00007ffd34ed0000 LB 0x00016000 C:\Windows\System32\WKSCLI.DLL [flags=0x0]
3597334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3c230000 'C:\WINDOWS\system32\rsaenh.dll'
3598334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d770000 'C:\Windows\System32\WINTRUST.DLL'
3599334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\CRYPT32.dll'
3600334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d820000 'C:\WINDOWS\System32\crypt32.dll'
3601334c.448: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3602334c.448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
3603334c.448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3604334c.448: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3605334c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40920000 'C:\WINDOWS\System32\ntdll.dll'
3606334c.16f0: supR3HardenedDllNotificationCallback: Unload 00007ffd2bc60000 LB 0x00365000 C:\Windows\System32\ActXPrxy.dll [flags=0x0]
3607334c.16f0: supR3HardenedDllNotificationCallback: Unload 00007ffd33890000 LB 0x00019000 C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll [flags=0x0]
3608334c.2c60: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports
3609334c.2c60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll)
3610334c.2c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll
3611334c.2c60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3612334c.304c: supR3HardenedDllNotificationCallback: Unload 00007ffd37a20000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3613334c.20e4: supR3HardenedDllNotificationCallback: Unload 00007ffd37ab0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3614334c.156c: supR3HardenedDllNotificationCallback: Unload 00007ffd37bd0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3615334c.1d50: supR3HardenedDllNotificationCallback: Unload 00007ffd37be0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3616334c.1dec: supR3HardenedDllNotificationCallback: Unload 00007ffd38e60000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3617334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd31f70000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
3618334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd31f90000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
3619334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd338c0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
3620334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd37190000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
3621334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd27430000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3622334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd02320000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
3623334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd2f900000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
3624334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd2df40000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
3625334c.1b84: supR3HardenedDllNotificationCallback: Unload 00007ffd3fb40000 LB 0x00429000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
3626334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd3ab40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
3627334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd2dc70000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0]
3628334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd2b9a0000 LB 0x000f4000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0]
3629334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd2dbb0000 LB 0x00010000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0]
3630334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd30b00000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0]
3631334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd27090000 LB 0x00049000 C:\WINDOWS\system32\dataexchange.dll [flags=0x0]
3632334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd39440000 LB 0x002b6000 C:\WINDOWS\system32\d3d11.dll [flags=0x0]
3633334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd3bb30000 LB 0x0009f000 C:\WINDOWS\system32\dxgi.dll [flags=0x0]
3634334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd3a9d0000 LB 0x00151000 C:\WINDOWS\system32\dcomp.dll [flags=0x0]
3635334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd3b5d0000 LB 0x0011c000 C:\WINDOWS\system32\twinapi.appcore.dll [flags=0x0]
3636334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd25bb0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
3637334c.f8c: supR3HardenedDllNotificationCallback: Unload 00007ffd08780000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
3638334c.f8c: Terminating the normal way: rcExit=0
3639334c.f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\tzres.dll'.
3640334c.f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll' [rescheduled]
3641334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3642334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3643334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40920000 'C:\WINDOWS\System32\ntdll.dll'
3644334c.f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3645334c.f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3646334c.f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40920000 'C:\WINDOWS\System32\ntdll.dll'
36471150.35ec: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1953181 ms, the end);
36483198.25dc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1954712 ms, the end);

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette